tor: update to 0.4.9.9.
Changes in version 0.4.9.9 - 2026-06-01
This is a security release fixing several major bugfixes that were reported
in the past weeks. We strongly recommend upgrading as soon as possible.
p5-Sereal-Decoder: update to 5.006.
5.006
* Use miniz 3.1.1
* Avoid deprecated ZSTD api.
* Tidy and regen.
5.005
* Update spec to document changes from version 5
* Security fixes - make sure that COPY tags cannot be used
to read past end of buffer.
fzf: update to 0.73.1.
Bug fixes
Skip $FZF_CURRENT_ITEM export when the item contains a NUL byte; exec(2) rejects the env, breaking preview and other child commands (#4806)
Fixed O(n^2) HTTP body accumulation in --listen; a single ~390 KB request could block the single-threaded server for ~8 s (Michal Majchrowicz, Marcin Wyczechowski, AFINE Team)
py-typer: update to 0.26.4.
0.26.4
Features
📝 Update AI Library Skill to avoid verbose code for CLI Options. PR #1808 by @tiangolo.
Internal
👷 Add CI to create draft release after merging a release PR. PR #1807 by @tiangolo.
👷 Update labeler to accept label release. PR #1806 by @tiangolo.
👷 Update GitHub Action permissions for prepare-release. PR #1804 by @tiangolo.
👷 Add GitHub Actions prepare release workflow. PR #1802 by @tiangolo.
👷 Update publish action, do not use uv cache. PR #1803 by @tiangolo.
⬆ Bump the python-packages group across 1 directory with 5 updates. PR #1793 by @dependabot[bot].
0.26.3
[7 lines not shown]
py-rpds-py: update to 2026.5.1.
Bump astral-sh/setup-uv from 7.1.2 to 7.1.4 by @dependabot[bot] in #205
Bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in #206
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #207
Bump softprops/action-gh-release from 2.4.2 to 2.5.0 by @dependabot[bot] in #208
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #209
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #213
Bump actions/checkout from 5.0.1 to 6.0.1 by @dependabot[bot] in #212
Bump astral-sh/setup-uv from 7.1.4 to 7.1.6 by @dependabot[bot] in #214
Bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in #215
Bump github/codeql-action from 4.31.2 to 4.31.9 by @dependabot[bot] in #218
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #217
Bump actions/download-artifact from 6 to 7 by @dependabot[bot] in #216
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #219
Bump astral-sh/setup-uv from 7.1.6 to 7.2.0 by @dependabot[bot] in #221
Bump github/codeql-action from 4.31.9 to 4.31.10 by @dependabot[bot] in #220
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #222
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #224
[36 lines not shown]
py-idna: update to 3.17.
## 3.17 (2026-05-28)
- Substantial 75% reduction in memory usage through new data
structures and some optimization in processing speed.
- Added a general 1024-character input length cap to the public
validation, conversion, and codec entry points. This is well above
any legitimate domain or label and guards against pathological
inputs.
py-docutils: update to 0.23.
Release 0.23 (2026-05-27)
=========================
General:
- Define `public API and backwards compatibility policy`_.
rST parser:
- Problems with the "include" directive are reported as ERROR, not SEVERE.
- The "include" directive options :start-after: and :end-before: may now
also be used without value (standing for an empty line).
- The highlight language of a custom role based on the `"code" role`_
defaults to the role's name (if supported by Pygments_).
Specifying ``:language: none`` turns off syntax highlight.
HTML5 writer:
- If a section has several IDs, use the last one (from the first
preceding `explicit target`__) as self-link_.
[31 lines not shown]
